5181429 2000-06-10  06:56  /60 rader/ Postmaster
Mottagare: Bugtraq (import) <11232>
Ärende: Trustix Security Advisory
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Phone-Number: +47 97 11 48 58
X-Adress: Tordenskioldsgt. 12, 7012 Trondheim, Norway
X-Priority: 1
X-MSMail-Priority: High
X-Face: R=b-K(^1#]KR?6moG:Wrc/t>p)?p`?bgHg36M3hZ>^?\akat3!nX*8xZpIvZrI#]ZzN`I< 
       L{8#pdH*1SOB$Zu-_e1<>iE$5cGiLhRem.ct.QtE=&v@9\S_6slX4='![%,F3^&ed5Y5g-#!N'Lr[ 
       &Gfs3c}pYq^oUo{8l-qD87s[P1~+f([41~gD}Pj)nX|KcVv;tF4IIx%pnN\UL|SNT
User-Agent: Gnus/5.0806 (Gnus v5.8.6) XEmacs/21.1 (Arches)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <03d7lqvqhe.fsf@colargol.tihlde.hist.no>
Date:         Fri, 9 Jun 2000 17:11:41 +0200
Reply-To: Oystein Viggen <oysteivi@TRUSTIX.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Oystein Viggen <oysteivi@TRUSTIX.COM>
Organization: Trustix
To: BUGTRAQ@SECURITYFOCUS.COM

Hi

The now fairly well known capability bug in the Linux kernel, also
indirectly affects Trustix Secure Linux 1.00 and 1.01.

While it has not been proven that any software shipped with TSL 1.0x
can be used to exploit this bug, we know that many of our users add
their own packages to their servers, making us indirectly susceptible
to exploits.

We have therefore chosen to release packages for TSL 1.01 containing
version 2.2.16 of the kernel, in which the hole is fixed. These files
can be found at:

ftp://ftp.trustix.com/pub/Trustix/updates/1.01/RPMS.

The md5 sums for the new packages are:

43b6ed5d67cee161f4cabc10eb2da89c  kernel-2.2.16-1tr_1.01.i586.rpm
5a8752eee9274e1f2f3aa528573e6ccd
kernel-BOOT-2.2.16-1tr_1.01.i586.rpm 009b6010b2040838558e517e38025cd2
kernel-doc-2.2.16-1tr_1.01.i586.rpm 8521eaea2aff56b3c264e43190a82e42
kernel-headers-2.2.16-1tr_1.01.i586.rpm
f1434dee12ff347c2287de6d0ff22258  kernel-smp-2.2.16-1tr_1.01.i586.rpm
6cbf9f025a214cac3adbfb7dfb7a5d7f
kernel-source-2.2.16-1tr_1.01.i586.rpm
56891d3e630148d4e93df8ca188cef9e
kernel-utils-2.2.16-1tr_1.01.i586.rpm

A short howto on installing the packages can be found at:

http://www.trustix.net/doc/kernel-upgrade/kernel-upgrade.html

Users of TSL 1.00 should use the 1.01 packages, as the two versions of
the distribution are fairly similar.

It should also be added that the newest beta release, TSL 1.0.96,
already contains the upgraded kernel, and is therefore not vulnerable.

Oystein Viggen
--
TSL developer
(5181429) ------------------------------------------(Ombruten)